Re: How to configure Squid can improve the performance ？

On 11/04/18 13:48, 赵 俊 wrote:
> Thanks for reading my Email.
>
> I have two questions:
>
> My first question is how many maximum concurrent connection and the
> maximum new connection of squid are.
>

There are 64K ports on an IP address. Your Squid and machine also has a
filedescriptors (FDs) limit it is 64K by default but may be smaller (eg
on Windows it is 256). The smaller of those two numbers is the upper
limit Squid can use.

The ports number is shared between client connections, server
connections and both types of ICAP connections.

The FDs number is shared by the same things as the ports number, as well
as disk files in-use.

You can maybe increase FDs with squid.conf max_filedescriptors, or if
that does not work rebuild Squid with --max-filedescriptors= build
option. Use the ulimit tool on non-Windows machines to increase the OS
limit before starting Squid.

> The second question is how to configure Squid can improve the maximum
> concurrent connection,maximum new connection and the performance .
>

If FD available is being your limit you can maybe increase it with
squid.conf max_filedescriptors config option. Of if that does not work
rebuild Squid with --max-filedescriptors= build option. Use the ulimit
tool on non-Windows machines to increase the OS limit before starting Squid.

The "store_miss deny all" above will be preventing HTTP objects from
caching. That means every request will consume one extra server
connection and ICAP RESPMOD connection.
Your Squid will need some amount of less connections if things are
caching. So you may want to remove this.

ssl_crtd is a little bit unusual for helpers in that it holds up the TLS
handshake which is somewhat critical to do fast. So it is probably best
to use more than startup=1 to reduce Squid memory usage and delays.

As a general "rule of thumb" look at your running proxy and see how many
helpers it is needing to start for your normal traffic. Use that as the
startup= value.

The below cache_dir, object_size, cache_mem, and cache_swap directives
are not useful while you have "store_miss deny all" preventing cache
storage being used.

You can maybe improve ICAP connection use by tuning some traffic not to
use adaptation. For example CONNECT messages are being SSL-Bump'ed so
they are best not to be adapted.
For example:
adaptation_access service_req deny CONNECT
adaptation_access service_req allow all